I have some questions concerning virtual private networks. I am developing a Java web application that will request multiple services from multiple locations. One of those service endpoints is only accessible via VPN (on the provider's network).

Questions:

  1. Can I "tunnel" to that VPN if a service needs to be called but remain on my network for other calls?
  2. If I connect my machine to the VPN, I have no access to the other machines (because I am at the mercy of the remote server's network).

How should I adjust my design or implementation?

Fuzz
  • This has everything to do with your local routing table. Basically, you want to make sure that the VPN connection doesn't point the default route to the VPN network. Instead, a single static route for the target machine's subnet (or better yet just his IP) should be established. – Jonathon Reinhart Jan 12 '15 at 13:26
  • http://stackoverflow.com/questions/899349/connecting-to-a-vpn-without-installation-of-client-software – SQL.injection Jan 12 '15 at 13:28
  • Thanks @JonathonReinhart. Are you saying that this can be solved with networking alone? And when I set up the VPN it took control of the default routing for my network, and instead there is a way for me to use my network for default routing except when an IP is requested? – Fuzz Jan 12 '15 at 13:29
  • Yes, that's exactly the idea. You'll also have to fiddle with DNS, if you're connecting to a host by name on the VPN. I've not yet figured out the best way to do that. Ideally the configuration would send DNS queries for the VPN domain to their resolver, and everything else to yours. Perhaps running dnsmasq would help here. – Jonathon Reinhart Jan 12 '15 at 13:32
  • Alternatively, if the IP on the VPN won't change, an entry in /etc/hosts would suffice. – Jonathon Reinhart Jan 12 '15 at 13:37
  • IMHO the question is not about development but more about VPN configuration. You could have better luck on ServerFault or Network Engineering. – Serge Ballesta Jan 12 '15 at 13:45
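
The routing point made in the comments above (keep the default route off the VPN and add a single host route for the service) can be checked by applying longest-prefix match to the routing table. This is an added example, not part of the original thread; the two `ip route show` listings, the interface names `tun0`/`eth0` and all addresses are constructed assumptions.

```python
import ipaddress

# Constructed `ip route show` output; interfaces and addresses are assumptions.
# Full tunnel: the VPN client has pointed the default route at tun0.
FULL_TUNNEL = """\
default dev tun0 scope link
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""
# Split tunnel: default stays on the LAN gateway, one host route for the service.
SPLIT_TUNNEL = """\
default via 192.168.1.1 dev eth0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
172.16.40.10 dev tun0 scope link
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50
"""

def parse_routes(text):
    """Return (network, device) pairs from `ip route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if "dev" not in fields:
            continue
        dest = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        routes.append((ipaddress.ip_network(dest), fields[fields.index("dev") + 1]))
    return routes

def egress_device(routes, ip):
    """Pick the outgoing device by longest-prefix match."""
    addr = ipaddress.ip_address(ip)
    matches = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(matches, key=lambda m: m[0])[1] if matches else None

def audit(routes, vpn_dev, vpn_only, keep_local):
    """List destinations whose route contradicts the intended split."""
    problems = [f"{ip} does not use {vpn_dev}" for ip in vpn_only
                if egress_device(routes, ip) != vpn_dev]
    problems += [f"{ip} is routed into {vpn_dev}" for ip in keep_local
                 if egress_device(routes, ip) == vpn_dev]
    return problems

if __name__ == "__main__":
    for name, table in (("full", FULL_TUNNEL), ("split", SPLIT_TUNNEL)):
        print(name, audit(parse_routes(table), "tun0",
                          vpn_only=["172.16.40.10"], keep_local=["203.0.113.20"]))
```

With the full-tunnel table, traffic for the unrelated service at 203.0.113.20 is flagged as entering the VPN; with the host route in place the audit returns no findings.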

0 Answers